Kishore Anjur - GRC Value Proposition
-
Oracle GRC value proposition on Segregation of Duties challenges
Kishore Anjur
KPMG LLP
IT Advisory
ADVISORY
August 21, 2009
-
Agenda
Segregation of Duties Overview
Understanding the Drivers
SoD Process
Mitigate the impact of a SoD risk
Requirement for Automated SoD Solution
Considerations of SoD
Oracle SoD Model
Overview of the tool
Oracle GRC solution
Key Success Factors
© 2009 KPMG LLP, a US member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative.
-
Topic: Oracle GRC value proposition on Segregation of Duties challenges
Segregation of Duties (SoD) has become an increasingly important risk-management requirement for today's CEOs and CFOs. Separating financial functions across individuals has always been good business practice for reducing the risk of fraud and checking the accuracy of financial transactions. However, as an enterprise's user base grows, its financial systems become more complex, and the enterprise is forced to create an increasing number of manual controls, maintaining effective SoD efficiently and at a reasonable cost is becoming significantly more challenging.
-
What is Segregation of Duties?
The prevention of occupational fraud in the form of asset misappropriation and intentional financial misstatement.
-
SoD Objective
A fundamental concept of internal control is the segregation of certain key duties. The basic idea underlying SoD is that no employee or group of employees should be in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties. The principal incompatible duties to be segregated are:
Initiate transaction
Approve transaction
Record transaction
Reconcile balances
Handle assets
Review reports
-
Understanding Drivers - Common SoD Risks
SoD risks by area:
Management: Earnings management; Improper management override; Improper expense capitalization; Excessive management override
Procurement: Fictitious vendors; Fictitious/inflated invoices; Duplicative purchases (e.g., P-Card); Improper P-Card purchases; Structured payments; Unauthorized/unapproved purchases; Conflicts of interest
T&E: False/inflated reimbursement requests; Purchases for personal use; Duplicate purchasing and reimbursement schemes; Unauthorized vendors; Unauthorized expenditures; Excessive spending
Payroll: Ghost employees; Inflated salaries; Inflated hours; Improper supplemental payments; Improper incentive compensation; Excessive overtime; Excessive supplemental payments, bonuses, incentive compensation
-
Source for SoD conflicts
Potential sources for SoD conflicts
Production support team excessive access
Generic user names
No defined segregation of duties policies
Preventative or detective controls to enforce SoD principles
No standard reports to identify SoD conflicts
System Administrator accounts with seeded passwords
Relying on custom reports to address SoD issues
Auditing capture feature turned off due to concern over database size
No defined exception reports for security exceptions or incidents
-
Source for ERP SoD conflicts
Oracle
  Excessive access through seeded responsibilities
  Workflow approvals not enforced
  Manual 3-way match by same user
PeopleSoft
  Operator Preferences as extension of security features.
  Access allowing Correction mode
JDE
  User level permissions override at group level permissions
  Users who enter Journal entry can also approve
-
SoD Analysis Process
SoD Analyst - New project
Start: Identify financially significant business processes.
Source data: Obtain source data with users and their security information
SoD rules: Design the SoD rules based on key responsibilities in collaboration with business process owner
SoD conflict matrix: Create a SoD conflict matrix by application and by function
Reports: Establish a process to analyze the users and security data against SoD rules
  Oracle GRCC suite
  Custom SoD tool
Submit SoD reports to process owner
  By business process
  By department
  By manager
  If a new user is in conflict, provide hire date / access granted date
Remediation: Scale down excessive access
Reduce the risk
  Identify compensating controls
  Identify mitigating controls
Retest: Rerun the analysis by effecting the remediation
Stabilize the process: Establish policies and procedures to continually monitor to detect segregation of duties conflicts and continue to perform SoD analysis
SoD Analysis Lifecycle
  Monitor new user access
  Change locations, roles, etc
  Forget password
-
SoD Conflict Matrix
Example of SoD conflict matrix for cross applications
In-Scope Applications / Cross Application considerations

Column headings: JD Edwards; Oracle/FDR; NMG; ALFA; ARC Val; LifeMaster / Polysystems; Triton; Charles River; PAM-Security; Pam-Mortgage; TAI; AS/400 Homegrown; Admin Server; FASAT; Life 70 (ISA and AML); Life 70 (Quincy); Vantage One (Quincy); CAPSIL; Ingenium; Death Claim System; Ceridian - HRIS and Payroll; Annuity Payout System (APS); Individual Claims System (ICS); Interest Rates; LPS; TLS

Rows (entries as listed, left to right):
JD Edwards:
Oracle/FDR:
NMG:
ALFA:
ARC Val:
LifeMaster / Polysystems:
Triton:
Charles River:
PAM-Security:
Pam-Mortgage: Y
TAI:
AS/400 Homegrown: Y
Admin Server: N N
FASAT: Y N N
Life 70 (Des Moines): Y N N N
Life70 (Quincy): N N N N N/A
Vantage One (Quincy): N N N N N N/A
CAPSIL: Y N/A N N N N N
Ingenium: Y N/A N N N N N N
Death Claim System: Y N N N N N N N N
Ceridian - HRIS and Payroll: Y N N N N N N N N N
Annuity Payout System (APS): N Y N N N N N N N N N/A
Individual Claims System (ICS): N Y N N N N N N N N N N
Interest Rates: N N N N N N N N N N N N N
LPS: Y N N N N N N N N N N N N N
TLS: Y N N N N N N N N N N N N N N

Legend
Y: Valid cross application
N: Not a valid cross application combination
N/A: Cross application conflict is not possible
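The analysis step of the SoD process ("analyze the users and security data against SoD rules") and the cross-application matrix above, as an added example that is not part of the original presentation and is not Oracle GRC code. The rule pairs, application names, users and dates are constructed for illustration; only the risk names and the Y/N/N/A legend come from the slides.

```python
from collections import defaultdict
from datetime import date
from typing import NamedTuple

class Grant(NamedTuple):
    user: str
    app: str
    function: str
    granted_on: date

class Rule(NamedTuple):
    process: str  # business process the rule is reported under
    func_a: str
    func_b: str
    risk: str

# Constructed rules: function pairs one user should not hold together.
RULES = [
    Rule("Procurement", "create_vendor", "approve_payment", "Fictitious vendors"),
    Rule("Procurement", "enter_invoice", "approve_payment", "Fictitious/inflated invoices"),
    Rule("Payroll", "maintain_employee", "run_payroll", "Ghost employees"),
    Rule("Management", "enter_journal", "approve_journal", "Improper management override"),
]

# Constructed cross-application matrix, using the slide's legend:
# Y = valid cross-application combination, N = not valid, N/A = conflict not possible.
CROSS_APP = {
    frozenset({"ERP", "TREASURY"}): "Y",
    frozenset({"HRIS", "PAYROLL"}): "Y",
    frozenset({"ERP", "HRIS"}): "N",
}

def pair_in_scope(app_a, app_b):
    """Same-application pairs are always tested; cross-application pairs only if marked Y."""
    if app_a == app_b:
        return True
    return CROSS_APP.get(frozenset({app_a, app_b}), "N") == "Y"

def find_conflicts(grants, rules=RULES):
    """Return one record per (user, rule, grant pair) where both functions are held."""
    by_user = defaultdict(list)
    for g in grants:
        by_user[g.user].append(g)
    conflicts = []
    for user, held in sorted(by_user.items()):
        for rule in rules:
            for a in (g for g in held if g.function == rule.func_a):
                for b in (g for g in held if g.function == rule.func_b):
                    if not pair_in_scope(a.app, b.app):
                        continue
                    conflicts.append({
                        "user": user, "process": rule.process, "risk": rule.risk,
                        "apps": tuple(sorted({a.app, b.app})),
                        # The conflict exists from the later of the two grants.
                        "conflict_since": max(a.granted_on, b.granted_on),
                    })
    return conflicts

def report_by_process(conflicts, hire_dates, new_since):
    """Group conflicts by business process; add hire date for users hired on/after new_since."""
    report = defaultdict(list)
    for c in conflicts:
        row = dict(c)
        hired = hire_dates.get(c["user"])
        if hired is not None and hired >= new_since:
            row["hire_date"] = hired
        report[c["process"]].append(row)
    return dict(report)

# Constructed sample data (users, applications, functions and dates are invented).
GRANTS = [
    Grant("asmith", "ERP", "enter_invoice", date(2009, 1, 5)),
    Grant("asmith", "TREASURY", "approve_payment", date(2009, 6, 1)),  # cross-app, marked Y
    Grant("bjones", "HRIS", "maintain_employee", date(2009, 7, 10)),
    Grant("bjones", "PAYROLL", "run_payroll", date(2009, 7, 10)),      # cross-app, marked Y
    Grant("clee", "ERP", "enter_journal", date(2008, 3, 1)),
    Grant("clee", "HRIS", "approve_journal", date(2008, 3, 1)),        # cross-app, marked N
    Grant("dkim", "ERP", "create_vendor", date(2008, 2, 1)),           # one duty only
]
HIRE_DATES = {"asmith": date(2007, 4, 1), "bjones": date(2009, 7, 1),
              "clee": date(2008, 2, 15), "dkim": date(2008, 1, 10)}

if __name__ == "__main__":
    found = find_conflicts(GRANTS)
    for process, rows in report_by_process(found, HIRE_DATES, date(2009, 1, 1)).items():
        for r in rows:
            print(process, r["user"], r["risk"], r["apps"], r["conflict_since"], r.get("hire_date", ""))
```

Rerunning `find_conflicts` on the grant list after an entitlement has been removed is the retest step: the remediated pair no longer appears in the output.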
-
Reduce Residual SoD Risk
Compensating controls - Operate at the same level as the key control and eliminate the risk completely
Ex: On a daily basis the A/P Manager compares all payment requests to ensure an appropriate cost center manager has approved the invoice and that the approver is within his/her established limits.
Mitigating controls - Reduce the impact of the risk partially
Ex: Suspense account balances are analyzed and reviewed by appropriate personnel for large, old, or unusual items.
Scale down excessive access
Create common profiles by considering SoD conflicts
-
Requirement for Automated SoD (GRC) Solutions
In the current complex business environment, there is an increased focus on adopting innovative ways of assessing and managing Segregation of Duties (SoD) risk while enhancing performance
Advances in technology have paved the way for increased use of GRC on organizational processes, transactions, systems and controls
Organizations are leveraging technologies to change how they evaluate the effectiveness of controls and monitor performance
Integrated GRC approach
Real-time transaction analysis
Continuous control monitoring
Fraud detection
-
Considerations for SoD
What are the Objectives?
What analytical functionality is required?
Where will data come from?
What are the Focus Areas?
How will analysis be performed?
What exception handling is required?
What reporting do we need? Dashboards?
What are our infrastructure requirements?
How are end-users impacted?
-
Oracle SoD (GRC) Overview
-
Overview of the Oracle SoD tool
Tool background
The Oracle GRC Solution is relatively new, developed in the past few years. It is based upon the acquisitions of Stellent and LogicalApps. It is comprised of the following modules:
  GRC Intelligence
  GRC Manager (Previous Stellent Solution)
  GRC Controls Suite (Previous Logical Apps Solution)
Technical architecture
Oracle GRC is designed to work on an integrated basis within the Oracle stable of products. It operates from an application server attached to the target ERP system, monitoring data at source. Reporting is through email alerts or dashboards. It is designed to integrate with Oracle Applications (EBS, PeopleSoft, JDE, Siebel) as well as other non-Oracle ERP applications (such as SAP, Lawson, etc.).
Technical requirements
Application and database server for Stellent, Integra and GRC suite
-
Overview of the Oracle SoD tool
Recommended use
  Environments where the target ERP is Oracle E-Business Suite or PeopleSoft
  Real time, preventative controls for segregation of duties (SoD), data change management and configuration management
  Continuous monitoring and continuous audit rather than point in time snapshots; monitoring occurs in real time, not using data extracts
  Where removing data from the client site causes security problems
  Larger companies
Case studies
Oracle provides two case studies from their Governance, Risk and Compliance Solution Space:
  Unum Provident
  Centro Properties Group
http://launch.oracle.com/?GRC5
-
Functionality of the Oracle SoD tool components
Functionality
GRC Intelligence:
  Prebuilt, role-based Dashboards and KRIs
  Tailored GRC diagnostics for business processes and roles
  Heterogeneous data integration
  Leverage single source of GRC information across organizations, departments and locations
  Library of OOTB Reports spanning the overall GRC process
GRC Manager:
  Reduce cost and complexity by managing multiple global mandates with one system
  Rely on tamper-proof chain of evidence for all financial compliance processes
  Align policies and processes with better practice risk and control frameworks
  Perform control automation configuration and administration
  Manage control automation for business processes
  Use test plans and report control effectiveness
GRC Control Suite: Briefed in next slides
-
GRCC Overview
Diagram labels: GRC Controls Suite; Application Access Controls Governor (AACG); Configuration Controls Governor (CCG) (Integra Apps); Transaction Controls Governor (TCG) (Integra Apps); Preventive Controls Governor (PCG); GRC Platform; Oracle E-Business Suite
-
Oracle GRC Controls (GRCC) components
GRCC Platform - GRC Controls Management Features
  Reduce risk of fraud with continuous monitoring of automated controls
  Enforce effective preventive and detective controls across all systems
  Control user access and enforce segregation of duties with business driven rules
AACG - Application Access Control Governor
  SoD solution
TCG - Transactional Control Governor
  Suspect tracing on key transactions
CCG - Configuration Control Governor
  Setup changes tracing
PCG - Preventive Control Governor
  Compensating control for AACG
-
How to Enable the GRCC SoD process
SoD Analyst - New project
Start - Create GRC users
  Admin - SoD super user
  View only - Auditor
  Approver - SoD approver
Configure Control Library
  Define elements
  Define attributes
  Define workflow process
AACG
  Design new SoD rules
  Upload SoD rules from Excel
  Enable GRC default SoD rules
  Define workflow rules
TCG
  Define transaction controls (SQL)
  Define task approval
  Define Suspects
PCG
  Form rules
  Flow rules
  Audit rules
  Change control rules
CCG
  Who
  What
  When
Process Reports
  Ad-hoc reports
  Schedule reports
GRC Intelligence
  Ad-hoc reports
  Schedule reports
Identify SoD focus area
  Analyze the reports
  Finalize conflict rules
Remediation: Scale down excessive access
Retest: Rerun the analysis by effecting the remediation and continue to perform SoD analysis
SoD Analysis Lifecycle
  Monitor new user access
  Change locations, roles, etc
  Forget password
-
GRC Intelligence Interactive Dashboard (Sample output)
-
GRC Intelligence Controls Summary (Sample output)
-
GRC Intelligence Risk Mitigation (Sample output)
-
GRC Intelligence SoD Analysis (Sample output)
-
Oracle GRC Potential benefits
Incorporated within the Oracle E-Business Suite/PeopleSoft/JD Edwards/Siebel stable of products
Leverages a single source of GRC information across departments, locations, and business units
Improves risk responsiveness with timely control and performance diagnostics
Tailor GRC dashboards to specific needs of a role or organization
Designed to prevent, rather than detect
Reduce cost and complexity by managing multiple regulatory mandates with one system
Rely on tamper-proof chain of evidence for all compliance processes
Control user access and enforce segregation of duties with business-driven rules
Reduce risk of fraud with continuous monitoring of automated controls
Provides deeper insight into SoD areas of risk and opportunity, while strengthening governance structures
-
Key Success Factors of GRC project
Senior executive support
  Executive involvement at all stages of the project including opportunity identification, selection, prioritization and sign-off
  Clear GRC leadership roles to drive cultural change
  Identification of control owners to report failures, escalate issues, etc.
Technology tools and experienced resources
  Fact-based approach to identification, quantification and prioritization of GRC opportunities
  Selection of appropriate GRC tools to contain costs and speed up communication
  Experienced staff who can commence fieldwork immediately
Established approach to GRC
  Global continuous monitoring framework and approach
  Identification of key control check points
  Methodology emphasizes SoD risk and continuous improvement
Well planned approach
  Detailed project initiation and work plan documents
  Knowledge of linkage to enterprise risk exposures
  Organization's risk profile is fundamental to the assessment and design of the GRC solution
Organizational alignment
  Incorporation of key line management within the GRC project
  Partnering with team members to help enable knowledge transfer
  Senior industry and functional practitioners
-
KPMG IT Advisory Service Overview
Business Systems: Enterprise Application Strategy; Systems Implementation Review; Configurable Control Assessment; Access and SOD assessment; Business Process/Systems Optimization Review; Master Data Management
Security: Security Strategy; Information Governance and Privacy; Identity and Access Management; Security Vulnerability Management; Enterprise Resiliency and Business Continuity; Payment Card Industry (PCI)
Strategic: IT Project Management Office (PMO); IT Strategy, Governance, and Performance; Sourcing (off/onshore) and Shared Services; Post-Merger IT Integration; Business Intelligence; Vendor and systems selection
Attestation: Audits of third-party services providers (SAS 70); IT internal audit; WebTrust/SysTrust; FISAP (Financial Institutions Shared Assessments Program)
-
Q&A
-
Presenter contact details
Kishore Anjur
KPMG LLP
(847) 749-5234
[email protected]
www.kpmg.com
Additional Contributions: Chris Hambach and Tim Gavin
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
© 2008 KPMG LLP, a U.S. limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved.